The Obama administration wants the tech industry to take the lead in creating a trusted online identity ecosystem.

Talk of private and public partnerships for Internet security are a common
refrain, and the calls were heard yet again Jan. 7 when federal officials
announced plans for a new office within the U.S. Department of Commerce to
coordinate federal efforts to support the creation of a trusted
online identity ecosystem.
Taking the concept of trusted identities from discussion to reality, many
say, requires striking the proper balance between the private and
public sectors, and the government wants the tech industry to take the
lead.

"The president's
goal is to foster an identity ecosystem where Internet users can use
strong, interoperable credentials from public and private sector providers to
authenticate themselves online for a whole host of transactions," U.S.
Commerce Secretary Gary Locke told an audience of people at a forum at the
Stanford Institute for Economic Policy Research at Stanford
University.

"The solutions allowing us to actually achieve that goal are very
likely to emanate from your firms, and the players and the organizations here
in Silicon Valley," he added.
James Dempsey, vice president for public policy at the Center for Democracy
and Technology, agreed the Obama administration's National Strategy for Trusted
Identities in Cyberspace (NSTIC) initiative needs to be led by the private
sector.
"The problem here on some level is the government needs an identity
ecosystem or identity infrastructure ... but the government cannot create that
identity infrastructure because if it tried to, it wouldn't be trusted,"
he said at the forum.
The ecosystem should be voluntary, diverse-meaning there should be more
than one identity provider-and based on the concept of levels of assurance
ranging from anonymous to the highly verified for transactions that require that,
Dempsey said. It should also be just one part of the security puzzle, which
also needs to include baseline legislation on consumer privacy, he added.
Away from the forum, Forrester Research analyst Chenxi Wang said the need to
address security
issues on the Web should not drive the initiative in a direction that
compromises privacy or liberty.
"I think if the government tries to initiate a national identity
directory effort, it will fail miserably because people will not trust it. ... This
system will have to be based on open competition," she said. "I can
see Google being one of the suppliers of this national identity. I can even see
Salesforce playing a role.
"This will also have to be standards-based so private directories can
hook into the national repository if they wish," she added. "The
government will have a regulator role to play here-they can set restrictions on
how the identity information can be used, and also act as a facilitator for
international identity negotiations."
Ultimately, she said, if the infrastructure behind the initiative is built,
it will emerge as a virtual infrastructure with open standards-based
implementation that is hosted by various parties and monitored by industry
watchdog groups.
But while some feel the tech industry should take the lead, Gartner analyst
Avivah Litan offered a contrary opinion.
"The federal government is the most natural issuer of identities in a
federated identity scheme," she told eWEEK. "After all, they already
issue our [Social Security numbers]. It's too bad they haven't figured out
how to issue electronic identity credentials.
"In the meantime, what can we expect? Facebook is already a major
identity provider, and many e-commerce sites already rely on those Facebook
identities," Litan continued. "Granted, these are for seemingly
low-risk transactions, so that a bank or government agency disbursing benefits
would never be able to rely on it as an example for high-risk
transactions. But over time, I think we can expect Facebook, Google and
mobile commerce companies like Bling Nation to eventually figure out a business
model where they can back user identities and their high-level transactions as
long as they can make money at it-and as long as they get significant user
adoption."